Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,549 advisories

Loading
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2025-9874 was published Sep 11, 2025
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server ... High Unreviewed
CVE-2025-9918 was published Sep 11, 2025
The User Meta – User Profile Builder and User management plugin plugin for WordPress is... High Unreviewed
CVE-2025-9693 was published Sep 11, 2025
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. High Unreviewed
CVE-2025-58320 was published Sep 11, 2025
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-8422 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2025-8425 was published Sep 11, 2025
The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection... High Unreviewed
CVE-2025-8417 was published Sep 11, 2025
The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'post_id'... High Unreviewed
CVE-2025-9073 was published Sep 11, 2025
The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges... High Unreviewed
CVE-2025-9059 was published Sep 11, 2025
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
alan-agius4 jelbourn
josephperrott thePunderWoman atscott jkrems
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a... High Unreviewed
CVE-2025-10200 was published Sep 10, 2025
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0... High Unreviewed
CVE-2025-10201 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference... High Unreviewed
CVE-2025-57613 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid... High Unreviewed
CVE-2025-57614 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow... High Unreviewed
CVE-2025-57615 was published Sep 10, 2025
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components High
GHSA-9v82-vcjx-m76j was published for shopware/core (Composer) Sep 10, 2025
xml2rfc is vulnerable to arbitrary file reads through prepped files High
GHSA-9mv7-3c64-mmqw was published for xml2rfc (pip) Sep 10, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
PyInstaller has local privilege escalation vulnerability High
CVE-2025-59042 was published for pyinstaller (pip) Sep 10, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email High
CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
Picklescan Bypass is Possible via File Extension Mismatch High
GHSA-jgw4-cr84-mqxg was published for picklescan (pip) Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check High
GHSA-mjqp-26hc-grxg was published for picklescan (pip) Sep 10, 2025
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and... High Unreviewed
CVE-2025-8696 was published Sep 10, 2025
The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to... High Unreviewed
CVE-2025-50892 was published Sep 10, 2025
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint.... High Unreviewed
CVE-2025-55976 was published Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database